Lab #1: Docker Overlay Networking

The overlay network driver creates a distributed network among multiple Docker daemon hosts. It allows you to create a secure, layer-2 network spanning multiple Docker hosts. When you set up a Docker swarm (Docker in swarm mode), Docker automatically creates an overlay network called ingress.

Firewall rules for Docker daemons using overlay networks

You need the following ports open to traffic to and from each Docker host participating on an overlay network:

TCP port 2377 for cluster management communications
TCP and UDP port 7946 for communication among nodes
UDP port 4789 for overlay network traffic
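
The port list above, turned into source-restricted firewall rules (an added example, not part of the original lab): the function prints iptables commands that accept the swarm ports only from the listed peer nodes and drop them from any other source. The peer addresses, the function names and the use of the INPUT chain are assumptions; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that open the swarm
# ports from the list above only to the other swarm nodes.

# Port/protocol pairs taken from the list above
SWARM_PORTS="2377/tcp 7946/tcp 7946/udp 4789/udp"

valid_ipv4() {
  # Accept only dotted-quad IPv4 so nothing else can end up in rule text
  case $1 in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

swarm_fw_rules() {
  # Usage: swarm_fw_rules PEER_IP [PEER_IP ...]
  [ "$#" -gt 0 ] || { echo "need at least one peer IP" >&2; return 1; }
  # Validate every peer first so a bad argument yields no partial rule set
  for peer in "$@"; do
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
  done
  for spec in $SWARM_PORTS; do
    port=${spec%/*}
    proto=${spec#*/}
    for peer in "$@"; do
      echo "iptables -A INPUT -p $proto -s $peer --dport $port -j ACCEPT"
    done
    # Any other source reaching a swarm port is dropped
    echo "iptables -A INPUT -p $proto --dport $port -j DROP"
  done
}

# Constructed sample peers (private addresses chosen for illustration)
swarm_fw_rules 10.0.0.11 10.0.0.12
```

Review the printed rules against the host's existing INPUT chain before applying them, since rule order decides which one matches first.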

Tested Infrastructure

Platform            Number of Instance    Reading Time
Play with Docker    2                     5 min

Pre-requisite

Check docker network in host mode

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e2ff8b7516b8        bridge              bridge              local
2bbb99678f58        host                host                local
04212f972673        none                null                local

Setting up a swarm

$ docker swarm init --advertise-addr=<Manager_Private_IP> --listen-addr=<Manager_Private_IP>:2377

Once the swarm is ready, let's check the networks.

Network in swarm mode

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e2ff8b7516b8        bridge              bridge              local
6a424c3904d1        docker_gwbridge     bridge              local
2bbb99678f58        host                host                local
s0ty6ay3lgdx        ingress             overlay             swarm
04212f972673        none                null                local

You will see that the default overlay network ingress has been created on both hosts (Worker and Manager). When you create a custom overlay network, however, it is created only on the manager node at first. On a worker node, the custom network is created only once a task that uses it is assigned to that node.

Contributor

Savio Mathew